# Interactive transcript, not a runnable script: lines beginning with "# " inside the
# command sections are commands typed at the installer's root shell, and the unprefixed
# lines that follow them are the output each command printed.
# Booting from: FreeBSD-12.1-RELEASE-amd64-disc1.iso | |
# SHA256: aa9d34b458826486999ed3e872436b6712ae38cede5ea41de4ab923e3419d461 | |
# We will set up a VERY simple test install | |
# This will have a ZFS mirror (2x16GB disks) | |
# There will be NO SWAP | |
# NOTE(review): freebsd-swap partitions (swap0/swap1, 1g each) are still created below but
# never used anywhere in this transcript. If swap is enabled later on this encrypted root it
# should itself be encrypted (a geli-backed .eli device, not the raw partition), otherwise
# memory contents can reach disk in the clear. Confirm the partitions are intentional.
# Install | |
# Set keyboard to UK | |
# Hostname: geli | |
# No optional system components | |
# Select shell for disk config | |
############################################################################################################ | |
# --- Disk layout: identical GPT scheme on both disks (EFI, swap, ZFS). The -l labels are
# --- what geli init/attach reference below as /dev/gpt/zfs0 and /dev/gpt/zfs1.
# gpart create -s gpt ada0 | |
ada0 created | |
# gpart create -s gpt ada1 | |
ada1 created | |
# gpart add -a 4k -t efi -s 200m -l efiboot0 ada0 | |
ada0p1 added | |
# gpart add -a 1m -t freebsd-swap -s 1g -l swap0 ada0 | |
ada0p2 added | |
# gpart add -a 1m -t freebsd-zfs -l zfs0 ada0 | |
ada0p3 added | |
# gpart add -a 4k -t efi -s 200m -l efiboot1 ada1 | |
ada1p1 added | |
# gpart add -a 1m -t freebsd-swap -s 1g -l swap1 ada1 | |
ada1p2 added | |
# gpart add -a 1m -t freebsd-zfs -l zfs1 ada1 | |
ada1p3 added | |
# gpart show | |
=> 9 444331 cd0 MBR (868M) | |
9 444331 - free - (868M) | |
=> 9 444331 iso9660/12_1_RELEASE_AMD64_CD MBR (868M) | |
9 444331 - free - (868M) | |
=> 40 33554352 ada0 GPT (16G) | |
40 409600 1 efi (200M) | |
409640 2008 - free - (1.0M) | |
411648 2097152 2 freebsd-swap (1.0G) | |
2508800 31043584 3 freebsd-zfs (15G) | |
33552384 2008 - free - (1.0M) | |
=> 40 33554352 ada1 GPT (16G) | |
40 409600 1 efi (200M) | |
409640 2008 - free - (1.0M) | |
411648 2097152 2 freebsd-swap (1.0G) | |
2508800 31043584 3 freebsd-zfs (15G) | |
33552384 2008 - free - (1.0M) | |
# The diskid/ entries below are the same two disks listed again under their disk-ident
# labels; those label providers are disabled in loader.conf further down.
=> 40 33554352 diskid/DISK-VBa57305fa-32e03234 GPT (16G) | |
40 409600 1 efi (200M) | |
409640 2008 - free - (1.0M) | |
411648 2097152 2 freebsd-swap (1.0G) | |
2508800 31043584 3 freebsd-zfs (15G) | |
33552384 2008 - free - (1.0M) | |
=> 40 33554352 diskid/DISK-VBe8261acf-02da3258 GPT (16G) | |
40 409600 1 efi (200M) | |
409640 2008 - free - (1.0M) | |
411648 2097152 2 freebsd-swap (1.0G) | |
2508800 31043584 3 freebsd-zfs (15G) | |
33552384 2008 - free - (1.0M) | |
# --- EFI system partitions: loader.efi is copied to the same path on both ESPs, so the
# --- boot chain is duplicated on each disk of the mirror (presumably so either disk can
# --- boot alone — verify by testing a boot with one disk detached).
# NOTE(review): the ESP contents (loader.efi, startup.nsh) are unencrypted and unsigned
# here. GELI protects the pool's data at rest; it does not protect the integrity of this
# boot loader, which the threat model for the machine should account for.
# newfs_msdos -F 16 -L EFISYS /dev/ada0p1 | |
/dev/ada0p1: 409360 sectors in 25585 FAT16 clusters (8192 bytes/cluster) | |
BytesPerSec=512 SecPerClust=16 ResSectors=1 FATs=2 RootDirEnts=512 Media=0xf0 FATsecs=100 SecPerTrack=63 Heads=16 HiddenSecs=0 HugeSectors=409600 | |
# mount_msdosfs /dev/ada0p1 /mnt | |
# mkdir -p /mnt/efi/boot | |
# cp /boot/loader.efi /mnt/efi/boot/BOOTx64.efi | |
# startup.nsh is the EFI shell auto-start script; it just names the loader to run.
# echo "BOOTx64.efi" > /mnt/efi/boot/startup.nsh | |
# umount /mnt | |
# newfs_msdos -F 16 -L EFISYS /dev/ada1p1 | |
/dev/ada1p1: 409360 sectors in 25585 FAT16 clusters (8192 bytes/cluster) | |
BytesPerSec=512 SecPerClust=16 ResSectors=1 FATs=2 RootDirEnts=512 Media=0xf0 FATsecs=100 SecPerTrack=63 Heads=16 HiddenSecs=0 HugeSectors=409600 | |
# mount_msdosfs /dev/ada1p1 /mnt | |
# mkdir -p /mnt/efi/boot | |
# cp /boot/loader.efi /mnt/efi/boot/BOOTx64.efi | |
# echo "BOOTx64.efi" > /mnt/efi/boot/startup.nsh | |
# umount /mnt | |
# --- GELI: -b sets the BOOT flag (provider attached during boot), -g enables GELIBOOT
# --- (the loader itself can unlock it), -l 256 selects a 256-bit key. The "geli list"
# --- output at the end confirms all three (Flags: BOOT, GELIBOOT; KeyLength: 256) and
# --- that the cipher defaulted to AES-XTS.
# NOTE(review): the metadata backup written to /var/backups/ lives on the running installer
# environment, not on the new pool — presumably it is gone after the reboot below. Copy
# both .eli backup files to persistent, separately protected storage before rebooting;
# without them a damaged GELI header makes the provider unrecoverable. Confirm.
# geli init -bg -l 256 /dev/gpt/zfs0 | |
Enter new passphrase: | |
Reenter new passphrase: | |
Metadata backup for provider /dev/gpt/zfs0 can be found in /var/backups/gpt_zfs0.eli | |
and can be restored with the following command: | |
# geli restore /var/backups/gpt_zfs0.eli /dev/gpt/zfs0 | |
# geli init -bg -l 256 /dev/gpt/zfs1 | |
Enter new passphrase: | |
Reenter new passphrase: | |
Metadata backup for provider /dev/gpt/zfs1 can be found in /var/backups/gpt_zfs1.eli | |
and can be restored with the following command: | |
# geli restore /var/backups/gpt_zfs1.eli /dev/gpt/zfs1 | |
# Attach both providers now so the pool can be created on the decrypted .eli devices.
# Both are initialised with separate prompts; the boot-time prompt later mentions only
# ada0p3 yet both members show ONLINE afterwards, which suggests the same passphrase was
# used for both — confirm, as a different passphrase on zfs1 would leave the mirror degraded.
# geli attach /dev/gpt/zfs0 | |
Enter passphrase: | |
# geli attach /dev/gpt/zfs1 | |
Enter passphrase: | |
# --- Pool: built on the .eli providers, so every dataset below is encrypted at rest.
# --- altroot=/mnt keeps mounts under the installer's /mnt; -m none leaves the pool root
# --- unmounted; -f forces creation (the partitions are fresh, so nothing is overwritten).
# zpool create -o altroot=/mnt -O compress=lz4 -O atime=off -m none -f zroot mirror gpt/zfs0.eli gpt/zfs1.eli | |
# zfs create -o mountpoint=none zroot/ROOT | |
# zfs create -o mountpoint=/ zroot/ROOT/default | |
# Per-dataset hardening: setuid is turned off on world-writable and untrusted trees
# (tmp, var/tmp, usr/ports) and exec is additionally turned off under /var/{audit,crash,log}.
# zfs create -o mountpoint=/tmp -o exec=on -o setuid=off zroot/tmp | |
# zfs create -o mountpoint=/usr -o canmount=off zroot/usr | |
# zfs create zroot/usr/home | |
# zfs create -o setuid=off zroot/usr/ports | |
# zfs create zroot/usr/src | |
# zfs create -o mountpoint=/var -o canmount=off zroot/var | |
# zfs create -o exec=off -o setuid=off zroot/var/audit | |
# zfs create -o exec=off -o setuid=off zroot/var/crash | |
# zfs create -o exec=off -o setuid=off zroot/var/log | |
# zfs create -o atime=on zroot/var/mail | |
# zfs create -o setuid=off zroot/var/tmp | |
# zfs set mountpoint=/zroot zroot | |
# bootfs tells the loader which dataset holds the root filesystem.
# zpool set bootfs=zroot/ROOT/default zroot | |
# mkdir -p /mnt/boot/zfs/ | |
# The cache file is written under /mnt so it ends up at /boot/zfs/zpool.cache on the
# installed system.
# zpool set cachefile=/mnt/boot/zfs/zpool.cache zroot | |
# zfs set canmount=noauto zroot/ROOT/default | |
# exit | |
############################################################################################################ | |
# --- Back in bsdinstall: remaining menu steps, then a post-install shell for rc.conf and
# --- loader.conf. The "###" lines are file contents to add, not commands.
# Set root password | |
# Set up networking | |
# Disable dumpdev | |
# Enable all system hardening | |
# Don't add users | |
# Exit | |
# Go into shell | |
# Enable ZFS in rc.conf: | |
### zfs_enable=yes | |
# Set up /boot/loader.conf: | |
# aesni_load + geom_eli_load give the kernel AES-NI acceleration and the GELI class before
# root is mounted; "Crypto: hardware" in the final geli list output shows aesni was picked up.
### aesni_load="YES" | |
### geom_eli_load="YES" | |
# NOTE(review): geom_mirror_load loads the gmirror class, but redundancy here comes from the
# ZFS mirror and no gmirror device appears anywhere in this transcript — this line looks
# unnecessary; confirm before removing.
### geom_mirror_load="YES" | |
### security.bsd.allow_destructive_dtrace=0 | |
# Disabling disk_ident and gptid labels stops the duplicate diskid/... and gptid/...
# providers from appearing, so the pool members keep their stable gpt/ label names.
### kern.geom.label.disk_ident.enable="0" | |
### kern.geom.label.gptid.enable="0" | |
### opensolaris_load="YES" | |
### zfs_load="YES" | |
# Reboot without CD | |
############################################################################################################ | |
############################################################################################################ | |
# --- Verification after first boot: both mirror members attached and ONLINE, and the GELI
# --- flags/key length/cipher match what geli init was asked for.
# Boot system | |
# Type GELI password (for ada0p3) | |
# Log into system | |
# Show zpool status and list geli: | |
root@geli:~ # zpool status | |
pool: zroot | |
state: ONLINE | |
scan: none requested | |
config: | |
NAME STATE READ WRITE CKSUM | |
zroot ONLINE 0 0 0 | |
mirror-0 ONLINE 0 0 0 | |
ada0p3.eli ONLINE 0 0 0 | |
ada1p3.eli ONLINE 0 0 0 | |
errors: No known data errors | |
root@geli:~ # geli list | |
Geom name: ada0p3.eli | |
State: ACTIVE | |
EncryptionAlgorithm: AES-XTS | |
KeyLength: 256 | |
Crypto: hardware | |
Version: 7 | |
UsedKey: 0 | |
Flags: BOOT, GELIBOOT | |
KeysAllocated: 30 | |
KeysTotal: 30 | |
Providers: | |
1. Name: ada0p3.eli | |
Mediasize: 15894314496 (15G) | |
Sectorsize: 512 | |
Mode: r1w1e1 | |
Consumers: | |
1. Name: ada0p3 | |
Mediasize: 15894315008 (15G) | |
Sectorsize: 512 | |
Stripesize: 0 | |
Stripeoffset: 1284505600 | |
Mode: r1w1e1 | |
Geom name: ada1p3.eli | |
State: ACTIVE | |
EncryptionAlgorithm: AES-XTS | |
KeyLength: 256 | |
Crypto: hardware | |
Version: 7 | |
UsedKey: 0 | |
Flags: BOOT, GELIBOOT | |
KeysAllocated: 30 | |
KeysTotal: 30 | |
Providers: | |
1. Name: ada1p3.eli | |
Mediasize: 15894314496 (15G) | |
Sectorsize: 512 | |
Mode: r1w1e1 | |
Consumers: | |
1. Name: ada1p3 | |
Mediasize: 15894315008 (15G) | |
Sectorsize: 512 | |
Stripesize: 0 | |
Stripeoffset: 1284505600 | |
Mode: r1w1e1 |